WESK

Paypal G2 G5 VeriSign Trusted Root Certificate


I received this email about PayPal upgrading to G5, but it refers to VeriSign and I use GoDaddy's Secure Certificate Authority - G2. Does anyone know if this GoDaddy G2 will be allowed come PayPal's coming upgrade?

Edit: I was just on GoDaddy chat and they didn't seem to know about it... After they contacted their SSL team I got this reply: "OK, so it seems that message is about a VeriSign certificate type and what PayPal requires from VeriSign. Our SSL Certificate services team does not believe it has anything to do with Go Daddy."

Thoughts?

The email is below...

ACTION MAY BE REQUIRED: PayPal service upgrades for merchants.

Because we support our merchants in helping them grow their business, we continue to make significant investments and improvements to our infrastructure. These improvements sometimes require us to perform necessary service upgrades.

Please read below as we explain what the change is, and what action may be required by you.*

What’s happening?

Over the course of 2015 and 2016, PayPal will be working towards upgrading various SSL certificates. The changes include upgrading the following:

  1. The version of the VeriSign Trusted Root Certificate used to establish secure connections to PayPal.
  2. The signing algorithm of certificates (from SHA-1 to SHA-256).

Why is this happening?

We’re taking measures to address industry-wide security concerns which aren’t unique to PayPal. When implemented, these measures can help us improve the security and reliability of our PayPal integrations and help guard against current and future security threats.

When is this happening?

We’ve published the schedule of our service upgrade plan. Please check our 2015-2016 SSL Certificate Change microsite for the most recent updates as published schedules may change. Our efforts to upgrade SSL certificates for our production endpoints are scheduled to start in May 2015, and will continue into next year.

Please note – The Sandbox environment is ready for testing. Testing in the Sandbox environment is one of the best ways to make sure your integration works.

What do I need to do?

For information regarding the important details of these upgrades, how it may impact your integration, and what you must do to future-proof your integration, please refer to the Merchant Security System Upgrade Guide on the microsite.

*Please note – If you’re impacted by this upgrade, you may be required to implement these changes prior to the dates listed on the microsite. Otherwise, you may not be able to process payments through your current integration with PayPal. In addition, if you’re integrated with a third party, please check with them on any additional steps you may need to take.

Questions can be directed to our Merchant Technical Services team on our Technical Support website. Click here for more information.

Thanks for your patience as we continue to improve our services.

Edited by WESK


Wondering about this myself, it appears somewhat important. Can anyone tell us what this might mean for PayPal and osCommerce?

THANK YOU!


It would be good to get an official response from the osCommerce team, but this will largely depend on what version of osCommerce you are running, the PayPal module you are using and your hosting environment. Over at Zen Cart (an old osCommerce clone) they say it won't affect the code, but they have advised:

FOR THE TECHNICALLY-INTERESTED:
PayPal's update is occurring in 2 stages: A VeriSign G2-to-G5 Root Certificate Upgrade, and then a SHA-256 SSL certificate.

And, strictly speaking, those changes have NO IMPACT on the PHP code used in Zen Cart. But they do affect underlying server technologies used on your webserver.

1. VeriSign Root Certificate Upgrade:
We've already tested Zen Cart against the PayPal sandbox, which is already using the VeriSign G5 Root Certificate, and it works fine. But that's because the webservers we tested on already have the VeriSign G5 Root Certificate authority files installed. Your host can help you with this. See the link below.

2. SHA-256 SSL certificate
PayPal isn't updating the "api-3t.paypal.com" endpoint (used in Zen Cart v1.3.x and v1.5.x) until June 2016 (and sandbox too, so we can't test that just yet; nevertheless, it's a server config thing, not a Zen Cart thing).
But in 2015 there is a big push for all webservers to start using SHA-256 SSL certificate chains. As such, you should ensure that your hosting company properly updates your server's SSL certificate store.

a) PayPal offers some advice for your hosting company here: https://ppmts.custhelp.com/ci/fattac...20English).pdf

b) And you can also ask your hosting company to fix any SSL problems reported for your site as mentioned in #3 above.


Kym

Projects Director @ ozEworks.com
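
Added example (not part of Kym's post or the Zen Cart text it quotes): a Python check of whether a trust store contains the G5 root that the quoted advice says the webserver needs. It assumes "G5" means the root whose subject common name is `VeriSign Class 3 Public Primary Certification Authority - G5`; the function names and the sample entries are constructed for illustration.

```python
import ssl

# Assumption: the thread's "G5" root is the certificate with this subject CN.
G5_CN = "VeriSign Class 3 Public Primary Certification Authority - G5"


def subject_field(cert, field):
    """Return the first value of `field` from a get_ca_certs()-style entry.

    Some older roots carry no commonName at all (only O/OU), so a missing
    field returns None instead of raising.
    """
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None


def has_root(ca_certs, common_name=G5_CN):
    """True if any trusted CA entry has exactly this subject common name."""
    return any(subject_field(c, "commonName") == common_name for c in ca_certs)


def load_trust_store(cafile=None):
    """Load CA entries from the system default store, or from a PEM bundle.

    Note: get_ca_certs() lists certificates loaded from files; CAs that live
    only in a hashed capath directory are not listed until they are used.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.load_default_certs()
    return ctx.get_ca_certs()


# Constructed sample entries in the shape returned by SSLContext.get_ca_certs().
SAMPLE_OLD_STORE = [{"subject": (
    (("countryName", "US"),),
    (("organizationName", "VeriSign, Inc."),),
    (("organizationalUnitName",
      "Class 3 Public Primary Certification Authority - G2"),),
)}]
SAMPLE_NEW_STORE = SAMPLE_OLD_STORE + [{"subject": (
    (("countryName", "US"),),
    (("organizationName", "VeriSign, Inc."),),
    (("commonName", G5_CN),),
)}]

if __name__ == "__main__":
    print("G5 root in system trust store:", has_root(load_trust_store()))
```

Pass the path of a PEM bundle to `load_trust_store()` to check a specific file instead of the system store. A name match is only a first check; comparing the certificate's fingerprint with the one the CA publishes confirms it.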


In case the first link to the PayPal Merchant Security System Upgrade Guide in the PayPal message below is broken/behind a login that you don’t have, here’s the direct link from PayPal's SSL Certificate Change Microsite linked from that message:

https://ppmts.custhelp.com/ci/fattach/get/487025/1429638687/redirect/1/filename/2015%20Merchant%20Security%20System%20Upgrade%20Guide%20%28U.S.%20English%29.pdf

After upgrading the SSL to SHA256 and 2048-bit, doesn't the new certificate chain need to be placed in the CRT file?
